From b7d81fc3b024412ba0975e9bb691ea6f74924319 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Wed, 7 Oct 2015 15:38:58 +0200
Subject: [PATCH] detect: SYN flags

Add funcs to see if a rule needs a SYN flag in the packet.
---
 src/detect-flags.c | 38 ++++++++++++++++++++++++++++++++++++++
 src/detect-flags.h | 3 +++
 2 files changed, 41 insertions(+)

diff --git a/src/detect-flags.c b/src/detect-flags.c
index b5b1840a82..51768f1797 100644
--- a/src/detect-flags.c
+++ b/src/detect-flags.c
@@ -522,6 +522,44 @@ static void DetectFlagsFree(void *de_ptr)
 if(de) SCFree(de);
 }
 
+int DetectFlagsSignatureNeedsSynPackets(const Signature *s)
+{
+ const SigMatch *sm;
+ for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ switch (sm->type) {
+ case DETECT_FLAGS:
+ {
+ const DetectFlagsData *fl = (const DetectFlagsData *)sm->ctx;
+
+ if (!(fl->modifier == MODIFIER_NOT) && (fl->flags & TH_SYN)) {
+ return 1;
+ }
+ break;
+ }
+ }
+ }
+ return 0;
+}
+
+int DetectFlagsSignatureNeedsSynOnlyPackets(const Signature *s)
+{
+ const SigMatch *sm;
+ for (sm = s->sm_lists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
+ switch (sm->type) {
+ case DETECT_FLAGS:
+ {
+ const DetectFlagsData *fl = (const DetectFlagsData *)sm->ctx;
+
+ if (!(fl->modifier == MODIFIER_NOT) && (fl->flags == TH_SYN)) {
+ return 1;
+ }
+ break;
+ }
+ }
+ }
+ return 0;
+}
+
 /*
 * ONLY TESTS BELOW THIS COMMENT
 */
diff --git a/src/detect-flags.h b/src/detect-flags.h
index 0eaaa28214..333ed91021 100644
--- a/src/detect-flags.h
+++ b/src/detect-flags.h
@@ -56,4 +56,7 @@ void DetectFlagsRegister (void);
 
 void FlagsRegisterTests(void);
 
+int DetectFlagsSignatureNeedsSynPackets(const Signature *s);
+int DetectFlagsSignatureNeedsSynOnlyPackets(const Signature *s);
+
 #endif /*__DETECT_FLAGS_H__ */
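Review bot: Both new functions in src/detect-flags.c treat `MODIFIER_NOT` as the only modifier that matters, so DetectFlagsSignatureNeedsSynPackets returns 1 for a `flags` keyword that lists SYN under the any-of modifier (presumably `MODIFIER_ANY` in this file), although such a rule can match packets that carry no SYN. In the same way, `fl->flags == TH_SYN` in DetectFlagsSignatureNeedsSynOnlyPackets does not consider the plus modifier or the keyword's ignored-flags mask, so a rule that also matches SYN+ACK may be reported as SYN-only. If callers use these results to keep a signature away from non-SYN packets, that becomes a missed detection. Either tighten the test, e.g. `if (fl->modifier != MODIFIER_NOT && fl->modifier != MODIFIER_ANY && (fl->flags & TH_SYN))`, or document the exact contract above each function, e.g. `/* returns 1 if a flags keyword lists SYN without '!'; does not prove the rule matches SYN packets only */`. The two bodies differ only in `&` versus `==`, so a shared static helper would keep them from drifting apart.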